ATRIUM -- Architecting Under Uncertainty for ISO 26262 compliance

The ISO 26262 is currently the dominant standard for assuring functional safety of electrical and electronic systems in the automotive industry. The Functional Safety Concept (FSC) subphase in the standard requires the Preliminary Architectural Assumptions (PAA) for allocation of functional safety requirements (FSRs). This paper justifies the need for, and defines a process ATRIUM, for consistent design of the PAA. ATRIUM is subsequently applied in an industrial case study for a function enabling highly automated driving at one of the largest heavy vehicle manufacturers in Europe, Scania CV AB. The findings from this study, which contributed to ATRIUM's institutionalization at Scania, are presented. The benefits of the proposed process include (i) a fast and flexible way to refine the PAA, and a framework to (ii) incorporate information from legacy systems into safety design and (iii) rigorously track and document the assumptions and rationale behind architectural decisions under uncertain information. The contributions of this paper are the (i) analysis of the problem (ii) the process ATRIUM and (iii) findings and the discussion from the case study at Scania. Keywords: ISO 26262, functional safety, automation, HCV, HGV, architectures, highly automated driving, ATRIUM, decision making, architecting, uncertainty management